




Our application logs off after 30 min and gets redirected to login page,i am specifying session timeout in web.xml and using a requestProcessor for redirecting.I want to show to the user a message saying your session got expired once the session expires,how can i do that.Auto log off ?I would like to prompt the error message on the page"The session is timeout, please login again" . Then how could I detect the session is timeout? will any methods trigger automatically?


创建一个活动检查器,检查每一分钟是否发生任何用户活动(mouseclick,keypress )并在服务器端执行心跳以在用户处于活动状态时使会话保持活动状态,并在用户未处于活动状态时不执行任何操作。如果30分钟内没有活动(或者在服务器端设置了默认会话超时),则执行重定向。

Create an activity checker which checks every minute if any user activity has taken place (mouseclick, keypress) and performs a heartbeat to the server side to keep the session alive when the user is active and does nothing when the user is not active. When there is no activity for 30 minutes (or whatever default session timeout is been set on server side), then perform a redirect.


Here's a kickoff example with little help of jQuery to bind click and keypress events and fire ajax request.

<script src="http://code.jquery.com/jquery-latest.min.js"></script>
    $(document).ready(function() {
        $.active = false;
        $('body').bind('click keypress', function() { $.active = true; });
        checkActivity(1800000, 60000, 0); // timeout = 30 minutes, interval = 1 minute.

    function checkActivity(timeout, interval, elapsed) {
        if ($.active) {
            elapsed = 0;
            $.active = false;
        if (elapsed < timeout) {
            elapsed += interval;
            setTimeout(function() {
                checkActivity(timeout, interval, elapsed);
            }, interval);
        } else {
            window.location = 'http://example.com/expired'; // Redirect to "session expired" page.

创建一个 Servlet ,它监听 / heartbeat 基本上只做以下几点:

Create a Servlet which listens on /heartbeat and does basically just the following:

protected void doGet(HttpServletRequest request, HttpServletResponse response) {



When you store the logged-in user in the session, it will be "automagically" logged out whenever the session expires. So you don't need to manually logout the user.


07-24 14:03